New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Are we able to whitelist a subnet of IPs? #98

shanaver opened this Issue Oct 17, 2014 · 4 comments


None yet
5 participants
Copy link

shanaver commented Oct 17, 2014

For example, all of CloudFlare's IPs:

How would I create a rule to whitelist all of those?


This comment has been minimized.

Copy link

gsamokovarov commented Oct 18, 2014

You can use IPAddr to represent a subnet. Something like this can work for you:

require 'ipaddr'

Rack::Attack.whitelist('allow from') do |request|'').include? request.ip

This comment has been minimized.

Copy link

ktheory commented Oct 18, 2014

@shanaver: I recommend @gsamokovarov's solution above. Cheers.

@ktheory ktheory closed this Oct 18, 2014


This comment has been minimized.

Copy link

bensomers commented Oct 18, 2014

Word to the wise: past versions of IPAddr have had very serious memory leaks - I attempted to use it in a blacklisting tool and it wasn't remotely feasible. Don't know about the current version - I believe that was on an early 1.9.2 release.


This comment has been minimized.

Copy link

shanaver commented Oct 20, 2014

thanks for the input everyone - perfect.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment